Patching Etcd and Vault
Caution:
Ensure that all preparation steps for system patching have been completed. For instructions, see Prepare for Patching.
The secret service contains two components that need to be patched separately in this particular order: first Etcd, then Vault.
The Etcd and Vault patches are rolling patches: each patch is executed on all three management nodes with one command.
Note:
In software version 3.0.2-b892153 and later all patch operations are based on the upgrade
plan, which is generated when the pre-upgrade command is executed. For more information, see
Prepare for Patching. When a component is already at the
required version, the patch operation is skipped. However, patching with the same version
can be forced using the Service Web UI or Service CLI command option
(force=True
), if necessary.
Ensure you perform a system backup before you apply a patch. See the Backup and Restore section of the Oracle Private Cloud Appliance Administrator Guide.
Using the Service Web UI
-
In the navigation menu, click Upgrade & Patching.
-
In the top-right corner of the Upgrade Jobs page, click Create Upgrade or Patch.
The Create Request window appears. Choose Patch as the Request Type.
-
Select the appropriate patch request type: Patch Etcd.
-
If required, fill out the patch parameters:
-
ULN: Enter the fully qualified domain name of the ULN mirror in your data center. This parameter is deprecated in software version 3.0.2-b892153 and later.
-
Advanced Options JSON: Not available.
-
Log Level: Optionally, select a specific log level for the upgrade log file. The default log level is "Information". For maximum detail, select "Debug".
-
-
Click Create Request.
The new patch request appears in the Upgrade Jobs table.
-
When the Etcd patch has completed successfully, repeat this procedure to create a patch for Vault.
Using the Service CLI
-
Enter the two patch commands. Wait until the Etcd patch operation is finished before starting the Vault patch operation.
PCA-ADMIN> patchEtcd Command: patchEtcd Status: Success Time: 2022-01-24 18:43:56.849 UTC Data: Service request has been submitted. Upgrade Job ID = 1642593966208-etcd-6066 \ Upgrade Request ID = UWS-1ee38895-dedf-41c5-ab77-eebe294707ed PCA-ADMIN> patchVault Command: patchVault Status: Success Time: 2022-01-24 18:48:21.841 UTC Data: Service request has been submitted. Upgrade Job ID = 1642594274785-vault-29202 \ Upgrade Request ID = UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1
-
Use the request ID and the job ID to check the status of the upgrade process.
PCA-ADMIN> getupgradejobs Command: getupgradejobs Status: Success Time: 2023-01-24 21:23:22,117 UTC Data: id upgradeRequestId commandName result -- ---------------- ----------- ------ 1642594274785-vault-29202 UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1 vault Passed 1642593966208-etcd-6066 UWS-1ee38895-dedf-41c5-ab77-eebe294707ed etcd Passed PCA-ADMIN> getUpgradeJob upgradeJobId=1642594274785-vault-29202 Command: getUpgradeJob upgradeJobId=1642594274785-vault-29202 Status: Success Time: 2023-01-24 21:55:43,804 UTC Data: Upgrade Request Id = UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1 Name = vault [...]